A dangerous browser hijacker called Search.hfreeliveradio.co has been found to infect computer users worldwide. The victims report serious security and privacy issues when accessing the malicious service. It is linked with other criminal services that are used to harvest sensitive data from the victims.
|Type||Browser Hijacker, PUP|
|Short Description||Every browser application which is on your computer will get affected. The hijacker can redirect you and show you lots of advertisements.|
|Symptoms||Browser settings that get changed are the start page, search engine and the new tab page.|
|Distribution Method||Freeware Installations, Bundled Packages|
|Detection Tool|| See If Your System Has Been Affected by Search.hfreeliveradio.co |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Search.hfreeliveradio.co.|
Search.hfreeliveradio.co – Delivery Methods
Users can get infected with the Search.hfreeliveradio.co redirect by falling victim into one of the many distribution options available. Most of them are related to browser hijacker infections. They are malicious extensions made for the most popular web browsers: Mozilla Firefox, Google Chrome, Safari, Internet Explorer and Microsoft Edge. Once infected with them the victims may find that essential settings have been modified by the malware. Some of the most obvious changes include the default home page, new tabs page and search engine. Other dangers include the following:
- Information Harvesting ‒ The browser hijackers have the ability to extract sensitive information from the web browsers. This includes form data, bookmarks, history, stored account credentials, settings and passwords.
- Additional Malware Infection ‒ In many cases browser hijackers can lead to malicious virus infections as well.
- System Changes ‒ The application can modify essential system settings as well which can cause performance or stability issues.
Search.hfreeliveradio.co infections can also be caused by web scripts and other related malware. Another method involves the use of infected files, popular strategies include documents and software installers. They contain scripts and code that leads to the installation of the Search.hfreeliveradio.co redirect. The documents themselves can be any of the popular office types (rich text documents, spreadsheets or databases) and when they are run built-in macro commands are activated that download the Search.hfreeliveradio.co to the victim computer. Software installers on the other hand can be of different types. The majority of them are hacker-modified applications downloaded from their official sources. They are configured to include the malware code that leads to a successful Search.hfreeliveradio.co infection. Such samples are then spread on fake download portals or P2P networks like BitTorrent where pirate content is usually found. Web scripts, ad networks and other malware can also lead to infections.
Search.hfreeliveradio.co – In-Depth Overview
Once the infection is established on the victim computers the users will find that their browsers are constantly redirected to one of the domains associated with the threat ‒ Search.hfreeliveradio.co or query.hfreeliveradio.co. They feature the same design, a web page that shows a familiar looking interface. The web page is made up of several elements:
- Top Menu Bar ‒ Shows a small search box, links to popular services and the the title of the site “Free Live Radio”.
- Search Engine ‒ The main element of the site shows a search engine box that is placed in the center. Underneath it are placed large buttons to some of the most widely used web sites, along with an option to hide them.
The aim of the hackers is to manipulate the victims into using the site in any way possible. All interactions are recorded and the fact that most of the redirects are caused by browser hijackers operated by the same operators or their affiliates.
The fact that the website is designed to look like a legitimate search engine or an Internet portal shows that the operators have a malicious intent in this case. We have detected that merely visiting the home page without interacting with any of the links still leads to the delivery of many cookies. As a result every victim is assigned a unique infection ID that tracks the interaction of every user and starts to build a database of all collected data.
We have uncovered that the site is operated by Polarity a well-known company that operates a lot of similar sites. As it is part of a large network we suspect that the site is part of their information collection scheme. If the users use several sites operated by Polarity the hackers will be able to collect more information about them. This is one of the reasons why the search engine relies on a custom Yahoo-powered link.
When the users search for something using the box they will be shown inaccurate results. They may come across several different types of links:
- Polarity Powered Affiliate Sites ‒ The company may opt to place a preference on their own sites. By folowing such links the victims will find themselves in a loop of similar sites that all track their behavior and harvest sensitive data.
- Affiliate Links ‒ Such sites are shown to the users based on a deal made by the site operators and ad networks. The site gains income based on site interaction with these sites.
- Search Engine Sponsored Sites ‒ These site results generate income for the search engine itself.
As you can see best or relevant results are not among the priority list. As a consequence it is possible to infect the victims with dangerous viruses or ransomware by interacting with malicious sites. Hackers frequently utilize such sites to spread new malware samples.
- Data Collection – The company enforces data collection on the Search.hfreeliveradio.co site, both personally-identifiable and anonymous usage. The user consents to the fact that this includes all search queries and recorded information that can lead to the discovery of the victim’s personal data: name, mailing address, telephone number, social security number, driver’s license or other ID. Every visitor is logged with a unique ID. Statistical information includes the type of web browser, resolution, browser settings and other related data. Beware that the site operators also have access to the information regarding the potential geographical location and Internet Service Provider.
- Data Disclosure – The service operators may disclose the collected data to third-party companies, partners and affiliates.
- User Tracking – The users are automatically assigned a tracking cookie which can record all interactions with the service.
The company’s address is listed as the following:
Polarity Technologies LTD
Nora Court, 3rd floor, office 301
Limassol, Cyprus 3040
The same policy is applied to the query.hfreeliveradio.co site as well.
Remove Search.hfreeliveradio.co Effectively
To remove Search.hfreeliveradio.co manually from your computer, follow the step-by-step removal instructions provided below. In case the manual removal does not get rid of the hijacker redirect and its files completely, you should search for and remove any leftovers with an advanced anti-malware tool. Such a program can keep your computer safe in the future.